Till Brehm
2016-07-19 aad102f73868ea83357856c3afe57617f411c83a
Fixed #4033 Special characters in email mailbox password
4 files modified
19 ■■■■ changed files
interface/lib/classes/auth.inc.php 5 ●●●●
interface/lib/classes/tform_base.inc.php 11 ●●●●●
interface/web/mail/form/mail_user.tform.php 2 ●●●
interface/web/mail/mail_user_edit.php 1 ●●●●
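--- a/interface/lib/classes/auth.inc.php
+++ b/interface/lib/classes/auth.inc.php
@@ -213,7 +213,10 @@
         return str_shuffle($password);
     }
-    public function crypt_password($cleartext_password) {
+    public function crypt_password($cleartext_password, $charset = 'UTF-8') {
+        if($charset != 'UTF-8') {
+            $cleartext_password = mb_convert_encoding($cleartext_password, $charset, 'UTF-8');
+        }
         $salt="$1$";
         $base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
         for ($n=0;$n<8;$n++) {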
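Review bot: The `mb_convert_encoding($cleartext_password, $charset, 'UTF-8')` call added at the top of `crypt_password()` is lossy: a character with no ISO-8859-1 equivalent is replaced by the mbstring substitute character (`?` by default) without any error, so different passwords can end up hashed as the same string. A strength validator such as the `weak_password_txt` rule in mail_user.tform.php would presumably have judged the unconverted text, not the string that is actually hashed. The same silent conversion is used by the new `TOLATIN1` filter in tform_base.inc.php. I would reject such input before hashing, for example by converting back and comparing, `if(mb_convert_encoding($converted, 'UTF-8', $charset) !== $cleartext_password)`, and reporting a validation error in that case. The rest of the function body, including the salt generation, lies outside the hunk.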
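--- a/interface/lib/classes/tform_base.inc.php
+++ b/interface/lib/classes/tform_base.inc.php
@@ -901,6 +901,9 @@
                 case 'IDNTOUTF8':
                     $returnval = $app->functions->idn_decode($returnval);
                     break;
+                case 'TOLATIN1':
+                    $returnval = mb_convert_encoding($returnval, 'ISO-8859-1', 'UTF-8');
+                    break;
                 case 'TRIM':
                     $returnval = trim($returnval);
                     break;
@@ -1263,6 +1266,10 @@
                             } elseif(isset($field['encryption']) && $field['encryption'] == 'CRYPT') {
                                 $record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
                                 $sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
+                            } elseif(isset($field['encryption']) && $field['encryption'] == 'CRYPTMAIL') {
+                                // The password for the mail system needs to be converted to latin1 before it is hashed.
+                                $record[$key] = $app->auth->crypt_password(stripslashes($record[$key]),'ISO-8859-1');
+                                $sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
                             } elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') {
                                 $tmp = $app->db->queryOneRecord("SELECT PASSWORD(?) as `crypted`", stripslashes($record[$key]));
                                 $record[$key] = $tmp['crypted'];
@@ -1291,6 +1298,10 @@
                             } elseif(isset($field['encryption']) && $field['encryption'] == 'CRYPT') {
                                 $record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
                                 $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
+                            } elseif(isset($field['encryption']) && $field['encryption'] == 'CRYPTMAIL') {
+                                // The password for the mail system needs to be converted to latin1 before it is hashed.
+                                $record[$key] = $app->auth->crypt_password(stripslashes($record[$key]),'ISO-8859-1');
+                                $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
                             } elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') {
                                 $tmp = $app->db->queryOneRecord("SELECT PASSWORD(?) as `crypted`", stripslashes($record[$key]));
                                 $record[$key] = $tmp['crypted'];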
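Review bot: Both new `CRYPTMAIL` branches (the insert hunk at 1266 and the update hunk at 1298) pass `stripslashes($record[$key])` to `crypt_password()`, a pattern copied from the `CRYPT` branch directly above each of them. Unless the value was slash-escaped earlier in the request handling, which these hunks do not show, this strips backslashes from the password before it is hashed, so the stored hash no longer corresponds to what the user typed. If no escaping is applied upstream, hash the raw value instead: `$record[$key] = $app->auth->crypt_password($record[$key], 'ISO-8859-1');`. The new branches also differ from `CRYPT` only in the charset argument, so choosing the charset inside a single branch would avoid keeping four near-identical copies in sync. The enclosing function starts and ends outside all three hunks.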
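--- a/interface/web/mail/form/mail_user.tform.php
+++ b/interface/web/mail/form/mail_user.tform.php
@@ -128,7 +128,7 @@
                     'errmsg' => 'weak_password_txt'
                 )
             ),
-            'encryption'=> 'CRYPT',
+            'encryption'=> 'CRYPTMAIL',
             'default' => '',
             'value'  => '',
             'width'  => '30',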
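Review bot: Switching this field from `CRYPT` to `CRYPTMAIL` changes the bytes that are hashed for every new or changed mailbox password, but nothing on this page migrates existing hashes or touches other code that verifies this column. Hashes stored before the change were computed from the UTF-8 bytes, so mailboxes whose password contains non-ASCII characters keep the old form until the password is set again. Any verifier that hashes UTF-8 input against this field (none is visible here) would stop matching the new hashes. A comment on the field such as `// CRYPTMAIL: hashed from the ISO-8859-1 form; verifiers must convert the same way` would make that dependency explicit. The surrounding field array opens and closes outside the hunk.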
interface/web/mail/mail_user_edit.php
@@ -143,7 +143,6 @@
            if($domain["domain"] != $app->functions->idn_encode($_POST["email_domain"])) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");
        }
        //* if its an insert, check that the password is not empty
        if($this->id == 0 && $_POST["password"] == '') {
            $app->tform->errorMessage .= $app->tform->lng("error_no_pwd")."<br>";